Hello, I am attempting to connect to AWS IoT using an HTTPS POST request. I am following this developer guide.
So here are all the steps I have done until I encountered this issue:
- Creating a Thing: a prerequisite for doing an HTTPS request is to have a thing created. So under the AWS IoT page, on the left navigation bar:
Manage > All devices > Things > Create things > Create single thing > Named the device 'testDevice' > Selected "No shadow" > Selected "Auto-generate a new certificate" > Skipped "Attach policies to certificate - optional" > Downloaded 5 certificates: certificate.pem.crt, public.pem.key, private.pem.key, AmazonRootCA1, and AmazonRootCA3 > Thing successfully created
- Create the URL, which was simple to do; my endpoint was found in the AWS IoT left navigation bar: Settings > Endpoint
So my full url (partially redacted) is: https://xx-ats.iot.ap-northeast-1.amazonaws.com/topics/testTopic?qos=1
- I then opened the AWS IoT MQTT test client and subscribed to all topics (#)
- Copied and modified the Python (443) script:
import http.client
import json
import ssl

ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
# note the use of ALPN: port 443 requires the x-amzn-http-ca protocol
ssl_context.set_alpn_protocols(["x-amzn-http-ca"])
# Amazon root CA used to verify the endpoint's server certificate
ssl_context.load_verify_locations(cafile=R"C:\Users\myuser\Desktop\certs\AmazonRootCA1.pem")
# update the certificate and the AWS endpoint: the device certificate and its private key are the client identity
ssl_context.load_cert_chain(R"C:\Users\myuser\Desktop\certs\certificate.pem.crt", R"C:\Users\myuser\Desktop\certs\private.pem.key")
connection = http.client.HTTPSConnection('xx-ats.iot.ap-northeast-1.amazonaws.com', 443, context=ssl_context)
# build the payload as a dict so json.dumps emits a JSON object rather than a quoted string
message = {"data": "Hello, I'm using TLS Client authentication!"}
json_data = json.dumps(message)
# make request
connection.request('POST', '/topics/testTopic?qos=1', json_data)
response = connection.getresponse()
# print results
print(response.status, response.reason)
print(response.read().decode())
Very oddly, the response is Forbidden with no message:
403 Forbidden
{"message":null,"traceId":"XX-XX-bdda-97d1-2d1e9723a40d"}
- Switching to the second Python script, Python (8443). The code was unmodified and ran with the parameters:
test.py --endpoint xx-ats.iot.ap-northeast-1.amazonaws.com --cert C:\Users\myuser\Desktop\certs\certificate.pem.crt --key C:\Users\myuser\Desktop\certs\private.pem.key --topic "testTopic" --message "Hello from windows python!"
Response status: 403
I am again met with the response 403 Forbidden. Extracting the JSON message:
{"message":null,"traceId":"XX-XX-8407-dbad-ca1c4fb30e0c"}
- Switching now to curl version 8.5, run in the same directory where the certificates are stored.
C:\Users\myuser\Desktop\certs>curl --tlsv1.2 --cacert AmazonRootCA1.pem --cert certificate.pem.crt --key private.pem.key --request POST --data "{ \"message\": \"Hello, world from curl windows\" }" "https://XX-ats.iot.ap-northeast-1.amazonaws.com:8433/topics/testTopic" --verbose
Note: Unnecessary use of -X or --request, POST is already inferred.
* Host XX-ats.iot.ap-northeast-1.amazonaws.com:8433 was resolved.
* IPv6: (none)
* IPv4: XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX, XX.XX.XX.XX
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51750 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51751 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51754 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51756 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51758 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51760 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51765 failed: Timed out
* Trying XX.XX.XX.XX:8433...
* connect to XX.XX.XX.XX port 8433 from 0.0.0.0 port 51768 failed: Timed out
* Failed to connect to XX-ats.iot.ap-northeast-1.amazonaws.com port 8433 after 168465 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to XX-ats.iot.ap-northeast-1.amazonaws.com port 8433 after 168465 ms: Couldn't connect to server
C:\Users\myuser\Desktop\certs>curl --version
curl 8.5.0 (x86_64-w64-mingw32) libcurl/8.5.0 LibreSSL/3.8.2 (Schannel) zlib/1.3 brotli/1.1.0 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.58.0 ngtcp2/1.1.0 nghttp3/1.1.0
Release-Date: 2023-12-06
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd
As a cross-reference check, I even tried using Postman to simulate the API calls, and the result is consistent with the above.
Can anyone please help point out where I might have missed something?
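An added example, not part of the original post: the steps above skip "Attach policies to certificate", and AWS IoT answers a publish from a certificate that has no policy granting iot:Publish on the topic with exactly the 403 and null message shown. The block below builds the least-privilege policy document for testTopic and includes a small offline evaluator that mirrors the broker's Allow/Deny decision, so you can see which requests a policy admits before attaching it; the region is taken from the endpoint name, while the account ID, function names and the `publish` helper are assumptions. It also encodes the port rule visible in the two scripts: port 443 needs the x-amzn-http-ca ALPN value and port 8443 must not send it (the curl transcript above dials 8433, which is neither).

```python
import fnmatch
import http.client
import json
import ssl

# Assumptions, not taken from the original post: the region from the endpoint
# name and a placeholder account ID (the real one appears in the certificate ARN).
REGION = "ap-northeast-1"
ACCOUNT_ID = "123456789012"


def topic_arn(topic):
    """ARN of an MQTT topic, the resource form that iot:Publish is checked against."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT_ID}:topic/{topic}"


def publish_policy(topics):
    """Least-privilege AWS IoT policy: iot:Publish only, only on the given topics."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["iot:Publish"],
                "Resource": [topic_arn(t) for t in topics],
            }
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Offline approximation of the broker's decision for one request.

    Rules mirrored here: no policy at all means deny (the certificate as
    created in the post); an explicit Deny that matches wins over any Allow;
    otherwise at least one Allow statement must match both the action and
    the resource.  '*' wildcards in actions and resources are honoured via
    fnmatch, which is how the policy language treats them.
    """
    if policy is None:
        return False
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        action_hit = any(fnmatch.fnmatchcase(action, pat)
                         for pat in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, pat)
                           for pat in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt.get("Effect") == "Deny":
                return False
            allowed = True
    return allowed


def publish(endpoint, topic, payload, cafile, certfile, keyfile, port=443, qos=1):
    """POST a JSON payload to /topics/<topic> with mutual TLS (assumed helper).

    Port 443 needs the x-amzn-http-ca ALPN value; port 8443 must not send it.
    Returns (status, body) so a 403 and its traceId can be inspected.
    """
    ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if port == 443:
        ctx.set_alpn_protocols(["x-amzn-http-ca"])
    ctx.load_verify_locations(cafile=cafile)          # verifies the AWS endpoint
    ctx.load_cert_chain(certfile, keyfile)            # presents the device identity
    conn = http.client.HTTPSConnection(endpoint, port, context=ctx)
    conn.request("POST", f"/topics/{topic}?qos={qos}", json.dumps(payload),
                 headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return resp.status, body


if __name__ == "__main__":
    policy = publish_policy(["testTopic"])
    print(json.dumps(policy, indent=2))
    # A certificate with nothing attached is what the post describes: denied.
    print("no policy   ->", is_allowed(None, "iot:Publish", topic_arn("testTopic")))
    print("with policy ->", is_allowed(policy, "iot:Publish", topic_arn("testTopic")))
```

Once the document looks right, save it to a file and attach it to the certificate with the AWS CLI (`aws iot create-policy --policy-name testDevicePublish --policy-document file://policy.json`, then `aws iot attach-policy --policy-name testDevicePublish --target <certificate ARN>`), or do the same from the console under the certificate's "Policies" tab; the policy evaluator here only reasons about the document, it does not replace the real attachment.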